ABSTRACT
Business and economic considerations are driving the extensive use of service differentiation in Virtual Private Networks (VPNs) operated for business enterprises today. The resulting Class of Service (CoS) designs embed complex policy decisions based on the described priorities of various applications, extent of bandwidth availability, and cost considerations. These inherently complex high-level policies are realized through low-level router configurations. The configuration process is tedious and error-prone given the highly intertwined nature of CoS configuration, the multiple router configurations over which the policies are instantiated, and the complex access control lists (ACLs) involved. Our contributions include (i) a formal approach to modeling CoS policies from router configuration files in a precise manner; (ii) a practical and computationally efficient tool that can determine the CoS treatment received by an arbitrary set of flows across multiple routers; and (iii) a validation of our approach in enabling applications such as troubleshooting, auditing, and visualization of network-wide CoS design, using router configuration data from a cross-section of 150 diverse enterprise VPNs. To our knowledge, this is the first effort aimed at modeling and analyzing CoS configurations.
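To make the abstract's claim concrete (high-level CoS policy realized through ACLs, class-maps and policy-maps spread over several routers, and a tool that determines the treatment an arbitrary flow receives end-to-end), here is a small added model. It is not the paper's tool and not code from the authors; it parses a constructed, deliberately simplified IOS-like syntax, and the router names, ACLs, addresses and interface names are all made up for the illustration. The model evaluates each router's ingress service-policy with first-match semantics (implicit deny at the end of every ACL), carries the resulting DSCP along a path, and flags a flow whose marking changes between hops, which is the kind of inconsistency the troubleshooting and auditing applications in the abstract are meant to surface.

```python
"""Toy end-to-end CoS model: ACLs -> class-maps -> policy-maps -> interface service-policy.
Added illustration for this page, not the paper's tool. The config syntax is a constructed,
simplified IOS-like format; every name and address below is made up."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Flow:
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass
class Router:
    name: str = ""
    acls: dict = field(default_factory=dict)         # acl -> [(action, proto, src_net, dst_net, dport|None)]
    class_maps: dict = field(default_factory=dict)   # class -> ACL it matches
    policy_maps: dict = field(default_factory=dict)  # policy -> [[class, dscp|None], ...] in config order
    interfaces: dict = field(default_factory=dict)   # interface -> policy applied with "service-policy input"


def _net(s):
    """'any' is shorthand for 0.0.0.0/0 in the constructed syntax."""
    return ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)


def parse_config(text):
    """Parse one router's constructed IOS-like config into a Router object."""
    r, ctx = Router(), None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0] == "!":
            continue
        if tok[0] == "hostname":
            r.name = tok[1]
        elif tok[:2] == ["ip", "access-list"]:          # ip access-list extended NAME
            ctx = ("acl", tok[-1]); r.acls[tok[-1]] = []
        elif tok[0] == "class-map":                     # class-map match-all NAME
            ctx = ("class", tok[-1])
        elif tok[0] == "policy-map":                    # policy-map NAME
            ctx = ("policy", tok[1]); r.policy_maps[tok[1]] = []
        elif tok[0] == "interface":                     # interface NAME
            ctx = ("iface", tok[1])
        elif ctx and ctx[0] == "acl" and tok[0] in ("permit", "deny"):
            # permit|deny PROTO SRC DST [eq PORT]
            dport = int(tok[5]) if len(tok) > 5 and tok[4] == "eq" else None
            r.acls[ctx[1]].append((tok[0], tok[1], _net(tok[2]), _net(tok[3]), dport))
        elif ctx and ctx[0] == "class" and tok[0] == "match":        # match access-group name ACL
            r.class_maps[ctx[1]] = tok[-1]
        elif ctx and ctx[0] == "policy" and tok[0] == "class":       # class NAME (inside policy-map)
            r.policy_maps[ctx[1]].append([tok[1], None])
        elif ctx and ctx[0] == "policy" and tok[0] == "set":         # set dscp VALUE
            r.policy_maps[ctx[1]][-1][1] = tok[2]
        elif ctx and ctx[0] == "iface" and tok[0] == "service-policy":  # service-policy input POLICY
            r.interfaces[ctx[1]] = tok[-1]
    return r


def acl_permits(router, acl, flow):
    """First-match ACL evaluation; no matching entry means the implicit deny."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    for action, proto, snet, dnet, dport in router.acls.get(acl, []):
        if proto in ("ip", flow.proto) and src in snet and dst in dnet and dport in (None, flow.dport):
            return action == "permit"
    return False


def marking_at(router, iface, flow):
    """DSCP this router sets on the flow at the ingress interface; None means no
    class matched and the flow keeps the marking it arrived with."""
    for cls, dscp in router.policy_maps.get(router.interfaces.get(iface), []):
        if cls == "class-default" or acl_permits(router, router.class_maps.get(cls), flow):
            return dscp
    return None


def trace(path, flow, initial="default"):
    """Per-hop marking of a flow along path = [(router, ingress_iface), ...]."""
    dscp, hops = initial, []
    for router, iface in path:
        mark = marking_at(router, iface, flow)
        dscp = mark if mark is not None else dscp
        hops.append((router.name, dscp))
    return hops


def inconsistent(hops):
    """Audit check: the flow is re-marked to a different class along the path."""
    return len({d for _, d in hops}) > 1


# Constructed sample configs: R1 marks voice EF and web AF31; R2 re-marks voice to AF41,
# a deliberate mismatch so the audit has something to find.
R1_CONFIG = """
hostname R1
ip access-list extended ACL_VOICE
 permit udp 10.1.0.0/16 10.2.0.0/16 eq 5060
ip access-list extended ACL_WEB
 permit tcp 10.1.0.0/16 any eq 443
 deny ip any any
class-map match-all VOICE
 match access-group name ACL_VOICE
class-map match-all WEB
 match access-group name ACL_WEB
policy-map EDGE_IN
 class VOICE
  set dscp ef
 class WEB
  set dscp af31
 class class-default
  set dscp default
interface GigabitEthernet0/0
 service-policy input EDGE_IN
"""
R2_CONFIG = """
hostname R2
ip access-list extended ACL_VOICE
 permit udp any any eq 5060
class-map match-all VOICE
 match access-group name ACL_VOICE
policy-map CORE_IN
 class VOICE
  set dscp af41
interface Serial0/1
 service-policy input CORE_IN
"""
R1, R2 = parse_config(R1_CONFIG), parse_config(R2_CONFIG)
PATH = [(R1, "GigabitEthernet0/0"), (R2, "Serial0/1")]

if __name__ == "__main__":
    for f in (Flow("udp", "10.1.5.5", "10.2.7.7", 5060), Flow("tcp", "10.1.5.5", "203.0.113.10", 443)):
        hops = trace(PATH, f)
        print(f, hops, "INCONSISTENT" if inconsistent(hops) else "ok")
```

The voice flow is marked EF at R1 and re-marked AF41 at R2, so `inconsistent` flags it; the HTTPS flow is AF31 at both hops and passes. Real configurations add nesting (class-maps with several match lines, hierarchical policy-maps, match-any versus match-all, DSCP-based matching on core routers), which is what a faithful model of the kind the paper describes has to cover.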
Modeling and understanding end-to-end class of service policies in operational networks. SIGCOMM '09.